Schwartz On Security: Zombie Internet 'Kill Switch'

Surgically disabling crucial parts of the Internet is folly, our columnist argues, no matter the powers supposedly bestowed by legislators.

Should President Obama be able to pull the plug on the Internet?

It seemed like the concept of an Internet kill switch -- which Sen. Joe Lieberman, I-Conn., may have introduced in a bill -- might have gone away.

But a report from Unisys found that nearly two-thirds of 1,000 people surveyed support the concept. Or, as the findings put it: "If there were clear evidence of a malicious cyber-security attack by a foreign government against our military, civilian government, electrical grid, financial systems or other critical infrastructure, should the President have the authority to take control of or effectively shut down portions of the Internet to mitigate a crisis?"

Despite the 61% who said yes, it's a flawed question and that's the real issue. Evidence of who is behind an attack is almost never clear. Even when the attacker appears to be clear, the evidence may have been fabricated. "Packets that come with return addresses are easy to spoof," according to Bruce Schneier, CTO of BT Counterpane. "Remember the cyberattack [on] July 4, 2009, that probably came from North Korea, but might have come from England or maybe Florida? On the Internet, disguising traffic is easy."

Indeed, what's to prevent a foreign government from opening an account with Comcast, or renting a botnet? According to Rob Rachwald, Imperva's director of security strategy, hiring a 24-hour distributed denial of service attack can run a few thousand dollars, generating a million spam emails might cost $200 and "a monthly membership for phishing sites is roughly $2,000." Who says outsourcing doesn't offer attractive economies of scale, for criminals and adversarial governments alike?

Say, however, that you somehow did know with pinpoint certainty that the agent of a foreign government had logged onto their computer and launched a direct attack at some piece of critical U.S. infrastructure. There's little, if anything, you could do to deal with the attack by temporarily deactivating parts of the Internet.

Indeed, while the concept of an Internet kill switch may conjure up images of surgical, action-hero efficiency, in reality the result would likely be more like Team America. Read: causing more damage than it was supposed to prevent.

Furthermore, the Internet wouldn't go quietly. "The Internet was designed to withstand a nuclear war, it's self-healing, self-redirecting, it's like the Borg, it will assimilate anything in its path," said Patricia Titus, global chief information security officer at Unisys.

"The other thing about the Internet is the hackers and bad guys don't want it to go down," she said. "We even saw some malicious code that healed people's PCs -- meaning that it applied patches -- to protect the device so it could be used in malicious attacks."

In other words, even if you tried to kill parts of the Internet, it would probably cause immense amounts of damage and not die anyway. So maybe it's time to back away from that kill switch, once and for all.